We have covered news about the security implications of Intel's Management Engine a couple of times previously this year. Several big companies have worked on disabling this underlying management technology for fear of hacks/leaks and so on and another enterprising company has sought to disable Intel's Management Engine from running on privacy focussed laptops.
A day or two ago Intel announced it had completed a review of its ME firmware and created some fixes for that, as well as for the Intel Server Platform Services (SPS) and Intel Trusted Execution Engine (TXE). There is a (Windows and Linux) tool available from Intel that detects vulnerabilities on your PC. However for Elevation of Privilege fixes you will have to rely upon the service of your motherboard maker or laptop OEM.
I ran the detection tool on my (Haswell i7) desktop and found my system wasn't vulnerable. That's not surprising, as the impacted CPUs were said to include the following:
- 6th, 7th & 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
As per our headline, Gigabyte is among the first of Intel's hardware partners to release fixes for Intel ME and TXE security vulnerabilities. The firm directs customers to its official website to download the latest BIOS versions as well as ME and TXE drivers.
Gigabyte will update its motherboards starting with the Z370 and 200 series, and then work through previous generation motherboards as applicable.